PT-2024-9687 · Envoy · Envoy

Boteng Yao · Published 2024-11-19 · Updated 2024-12-20 · CVE-2024-53270

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Envoy versions prior to 1.29.12
Envoy versions prior to 1.30.9
Envoy versions prior to 1.31.5
Envoy versions prior to 1.32.3

Description

The issue is in Envoy, a cloud-native high-performance edge/middle/service proxy, and is tied to the envoy.load_shed_points.http1_server_abort_dispatch configuration. In affected versions, sendOverloadError assumes that the active request exists when this load shed point is configured. However, if the active request is nullptr, only onMessageBeginImpl() is called, which can lead to a null pointer dereference if the stream is already reset. This can crash Envoy, particularly during an H/2 upstream reset. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents in which this issue was exploited.

Recommendations

For Envoy versions prior to 1.29.12, upgrade to version 1.29.12 or later.
For Envoy versions prior to 1.30.9, upgrade to version 1.30.9 or later.
For Envoy versions prior to 1.31.5, upgrade to version 1.31.5 or later.
For Envoy versions prior to 1.32.3, upgrade to version 1.32.3 or later.

As a temporary workaround, consider disabling the http1_server_abort_dispatch load shed point and/or using a high threshold.
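
A triage helper for the recommendations above, added here as an example (it is not Envoy project code or part of the original advisory): it checks a version against the fixed releases and reports whether the load shed point is configured in a bootstrap. It assumes the bootstrap is in JSON form and uses Envoy's overload manager layout (`overload_manager.loadshed_points[].triggers[].threshold.value`); the sample bootstrap, the `envoy.resource_monitors.fixed_heap` trigger in it, and the function names are constructed for illustration.

```python
import json

# Fixed patch release per 1.x minor line, as listed in the advisory.
FIXED = {29: 12, 30: 9, 31: 5, 32: 3}
POINT = "envoy.load_shed_points.http1_server_abort_dispatch"

# Constructed sample bootstrap (JSON form); not taken from a real deployment.
SAMPLE = json.loads("""
{"overload_manager": {"loadshed_points": [
  {"name": "envoy.load_shed_points.http1_server_abort_dispatch",
   "triggers": [{"name": "envoy.resource_monitors.fixed_heap",
                 "threshold": {"value": 0.9}}]}]}}
""")

def version_affected(version):
    """True if this Envoy version predates the fix for its release line."""
    core = version.lstrip("v").split("-")[0]
    major, minor, patch = (int(p) for p in core.split(".")[:3])
    if major != 1:
        raise ValueError("only Envoy 1.x versions are covered by the advisory")
    if minor < 29:
        return True  # the advisory lists everything prior to 1.29.12
    if minor in FIXED:
        return patch < FIXED[minor]
    return False  # assumption: release lines after 1.32 already carry the fix

def abort_dispatch_triggers(bootstrap):
    """List (resource monitor, threshold) pairs attached to the load shed point."""
    found = []
    points = bootstrap.get("overload_manager", {}).get("loadshed_points", [])
    for point in points:
        if point.get("name") == POINT:
            for trig in point.get("triggers", []):
                found.append((trig.get("name"), trig.get("threshold", {}).get("value")))
    return found

def assess(version, bootstrap):
    """Classify a deployment as 'patched', 'mitigated' or 'exposed'."""
    if not version_affected(version):
        return "patched"
    # Affected build: the advisory ties the crash to this point being configured.
    return "exposed" if abort_dispatch_triggers(bootstrap) else "mitigated"

if __name__ == "__main__":
    print(assess("1.31.4", SAMPLE), abort_dispatch_triggers(SAMPLE))
```

A "mitigated" result means only that the workaround is in place; upgrading remains the fix.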

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

BDU:2024-11399
BIT-ENVOY-2024-53270
CVE-2024-53270
GHSA-Q9QV-8J52-77P3

Affected Products

Envoy